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REMARKS 

In response to the Office Action mailed November 7, 2008, Applicants 
respectfully request reconsideration. To further the prosecution of this 
Application, Applicants submit the following remarks. 

Drawings 

The Office Action does not specify whether the drawings have been 
accepted or rejected. Applicants, therefore, assume that the drawings are 
acceptable. Applicants respectfully request that the next communication from the 
Office indicate that the drawings are accepted. 

Rejections under §1 02 and 51 03 
Claims 1-16 were rejected under 35 U.S.C. §1 03(a) as being unpatentable 
over U.S. Patent No. 6,006,332 (Rabne, et al.) in view of U.S. Patent No. 
6,658,571 (O'Brien, et al.) and U.S. Patent No. 6,728,885 (Taylor, et al.). Claims 
17 and 19 were rejected under 35 U.S.C. §1 03(a) as being unpatentable over 
Rabne , O'Brien , and Taylor in further view of U.S. Patent No. 5,802,1 78 (Holden, 
et al.). Claim 18 was rejected under 35 U.S.C. §1 03(a) as being unpatentable 
over Rabne , O'Brien , and Taylor in further view of U.S. patent No. 7,392,234 
(Shaath, et al.). 

Applicants respectfully traverse each of these rejections and request 
reconsideration. The claims are in allowable condition. 

Rabne discloses a rights management server 10, which sends one or 
more rights manage compliant (RMc) browsers 36 to a client workstation 20 (Col. 
6, lines 31-48). 

O'Brien discloses security modules 105, which are loaded into the 
operating system kernel to make and enforce application-specific or resource- 
specific policy decisions (Col. 3, lines 38-40). The security policy is stated as a 
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set of rules identifying which computing resources 106 the browser is allowed to 
access as well as what permissions the browser has (Col. 7, lines 26-30). 

Taylor discloses multilevel security for a computer network (ABSTRACT) 
using adaptive proxies (TITLE). 

Claim 1 recites a dynamic file access control and management system 
configured to access one or more content sources, including a set of content. 
The system includes (A) a proxy system linked to said one or more content 
sources, said proxy system comprising an access control module configured to 
selectively obtain content comprising data blocks from said content sources on 
an individual block basis as a function of an authorization of a user requesting 
said content and a set of access policies comprising a set of predefined usage 
policies associated with said content for said user, (B) a rights management 
module configured to generate a set of usage rights associated with said content 
as a function of the set of predefined usage policies associated with said content 
for said user, (C) at least one client device having a client module configured to 
interface to a client operating system kernel, said client module configured to 
enforce the set of usage rights within the operating system kernel without 
application rewrites, wherein enforcing the set of usage rights within the 
operating system kernel includes (1) intercepting a system call between an 
application and the client operating system, (2) evaluating the system call based 
on the set of usage rights, and (3) blocking or modifying the system call based on 
said evaluation, and (D) one or more communication means, via which said 
content and said usage rights are provided to said client device. 

The cited references do not teach, either alone or in combination, a 
system, which includes (C) at least one client device having a client module 
configured to interface to a client operating system kernel, said client module 
configured to enforce the set of usage rights within the operating system kernel 
without application rewrites, wherein enforcing the set of usage rights within the 
operating system kernel includes (1) intercepting a system call between an 
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application and the client operating system, (2) evaluating the system call based 
on the set of usage rights, and (3) blocking or modifying the system call based on 
said evaluation, and (D) one or more communication means, via which said 
content and said usage rights are provided to said client device. 

Rather, as mentioned above, Rabne discloses a rights management 
server 10, which sends one or more rights manage compliant (RMc) browsers 36 
to a client workstation 20. No mention is made of communicating usage rights to 
a client device. However, the Office Action, on page 7, cited Col. 3, lines 52-59 of 
Rabne as teaching this feature. The Office Action further argues, on page 2, that 
user permissions are implicitly sent to the client device via the RMc browsers 
36. In any case, Rabne does not teach a system, which includes (C) at least one 
client device having a client module configured to interface to a client operating 
system kernel, said client module configured to enforce the set of usage rights 
within the operating system kernel without application rewrites, wherein enforcing 
the set of usage rights within the operating system kernel includes (1) 
intercepting a system call between an application and the client operating 
system, (2) evaluating the system call based on the set of usage rights, and (3) 
blocking or modifying the system call based on said evaluation. 

As mentioned above, O'Brien discloses security modules 105, which are 
loaded into the operating system kernel to make and enforce application-specific 
or resource-specific policy decisions. The security policy is stated as a set of 
rules identifying which computing resources 106 the browser is allowed to 
access as well as what permissions the browser has. The Office Action, on page 
7, cited Col. 5, lines 56-66 and Col. 7, lines 27-40 as teaching evaluating the 
system call based on the set of usage rights. 

However, it would not be obvious to a person having ordinary skill in the 
art to combine Rabne and O'Brien as the Office Action suggests (on pages 4-5). 
As noted above, Rabne teaches sending RMc browsers 36 to client workstation 
20, while O'Brien teaches making use of a set of rules to determine access 
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permissions. In order to combine Rabne with O'Brien as the Office Action desires 
to do, a practitioner would have to design a system having a client that receives 
an RMc browser from a rights management server, the RMc browser having the 
ability to provide access to intellectual property, and the client would also have to 
have a kernel-loaded program capable of enforcing a set of rules. Clearly, there 
is a gap between the references, since before the kernel-loaded program could 
enforce the set of rules, it would have to first extract the rules built into the RMc 
browser. Not only is this an impermissible gap between the cited references, but 
further it would be nonsensical for rules to be sent embedded within the 
structure of an RMc browser only to be extracted and applied by a kernel- 
loaded program. Thus, sending an RMc browser 20 to a client as in Rabne and 
applying a set of rules to make and enforce application-specific or resource- 
specific policy decisions as in O'Brien are fundamentally incompatible with 
each other. 

Thus, for the reasons stated above, claim 1 patentably distinguishes over 
the cited prior art, and the rejection of claim 1 under 35 U.S.C. §1 03(a) should be 
withdrawn. Accordingly, claim 1 is in allowable condition. 

Because claims 2-8 and 17-18 depend from and further limit claim 1, 
claims 2-8 and 17-18 are in allowable condition for at least the same reasons. 
Additionally, it should be understood that the dependent claims recite additional 
features which further patentably distinguish over the cited prior art. 

Claim 9 recites a method having limitations similar to the limitations found 
in claim 1 . Accordingly, claim 9 distinguishes over the prior art for reasons similar 
to those presented above in connection with claim 1 . For the reasons stated 
above, claim 9 patentably distinguishes over the cited prior art, and the rejection 
of claim 9 under 35 U.S.C. §1 03(a) should be withdrawn. Accordingly, claim 9 is 
now in allowable condition. 
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Because claims 10-16 and 19 depend from and further limit claim 9, 
claims 10-16 and 19 are in allowable condition for at least the same reasons. 
Additionally, it should be understood that the dependent claims recite additional 
features which further patentably distinguish over the cited prior art. 

Conclusion 

In view of the foregoing remarks, this Application should be in condition for 
allowance. A Notice to this effect is respectfully requested. If the Examiner 
believes, after this Response, that the Application is not in condition for 
allowance, the Examiner is respectfully requested to call the Applicants' 
Representative at the number below. 

Applicants hereby petition for any extension of time which is required to 
maintain the pendency of this case. If there is a fee occasioned by this response, 
including an extension fee, please charge any deficiency to Deposit Account No. 
50-3661 . 
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If the enclosed papers or fees are considered incomplete, the Patent 
Office is respectfully requested to contact the undersigned collect at 
(508) 616-2900, in Westborough, Massachusetts. 



Respectfully submitted, 



/Michael Ari Behar/ 

M. Ari Behar, Esq. 

Attorney for Applicants 

Registration No.: 58,203 

Bainwood, Huang & Associates, L.L.C. 

Highpoint Center 

2 Connector Road 

Westborough, Massachusetts 01581 
Telephone: (508)616-2900 
Facsimile: (508) 366-4688 
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